diff options
Diffstat (limited to 'source4/torture/rpc/bind.c')
| -rw-r--r-- | source4/torture/rpc/bind.c | 245 |
1 files changed, 245 insertions, 0 deletions
diff --git a/source4/torture/rpc/bind.c b/source4/torture/rpc/bind.c new file mode 100644 index 0000000..7c0d5e4 --- /dev/null +++ b/source4/torture/rpc/bind.c @@ -0,0 +1,245 @@ +/* + Unix SMB/CIFS implementation. + test suite for rpc bind operations + + Copyright (C) Guenther Deschner 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "torture/rpc/torture_rpc.h" +#include "librpc/gen_ndr/ndr_lsa_c.h" +#include "librpc/gen_ndr/ndr_epmapper_c.h" +#include "lib/cmdline/cmdline.h" + +static bool test_openpolicy(struct torture_context *tctx, + struct dcerpc_pipe *p) +{ + struct dcerpc_binding_handle *b = p->binding_handle; + struct policy_handle *handle; + + torture_assert(tctx, + test_lsa_OpenPolicy2(b, tctx, &handle), + "failed to open policy"); + + torture_assert(tctx, + test_lsa_Close(b, tctx, handle), + "failed to close policy"); + + return true; +} + +static bool test_bind(struct torture_context *tctx, + const void *private_data) +{ + struct dcerpc_binding *binding; + struct dcerpc_pipe *p; + NTSTATUS status; + const uint32_t *flags = (const uint32_t *)private_data; + + torture_assert_ntstatus_ok(tctx, + torture_rpc_binding(tctx, &binding), + "failed to parse binding string"); + + status = dcerpc_binding_set_flags(binding, *flags, DCERPC_AUTH_OPTIONS); + torture_assert_ntstatus_ok(tctx, status, "set flags"); + + torture_assert_ntstatus_ok(tctx, + dcerpc_pipe_connect_b(tctx, &p, binding, + &ndr_table_lsarpc, + samba_cmdline_get_creds(), + tctx->ev, + tctx->lp_ctx), + "failed to connect pipe"); + + torture_assert(tctx, + test_openpolicy(tctx, p), + "failed to test openpolicy"); + + talloc_free(p); + + return true; +} + +/** + * Verifies a handle created in a connection is available on + * a second connection when the same association group is + * requested in the bind operation. The LSA interface can't be + * used because it runs in preforking mode in the selftests. + * Association groups should work when binding to interfaces + * running in the same process. + */ +static bool test_assoc_group_handles_external(struct torture_context *tctx, + const void *private_data) +{ + struct dcerpc_binding *binding1 = NULL; + struct dcerpc_binding *binding2 = NULL; + struct dcerpc_pipe *p1 = NULL; + struct dcerpc_pipe *p2 = NULL; + struct epm_Lookup r; + struct epm_LookupHandleFree f; + struct policy_handle handle; + uint32_t assoc_group_id; + uint32_t num_ents = 0; + + ZERO_STRUCT(handle); + + /* Open first pipe and open a policy handle */ + torture_assert_ntstatus_ok(tctx, + torture_rpc_binding(tctx, &binding1), + "failed to parse binding string"); + dcerpc_binding_set_transport(binding1, NCACN_IP_TCP); + dcerpc_binding_set_string_option(binding1, "endpoint", "135"); + + torture_assert_ntstatus_ok(tctx, + dcerpc_pipe_connect_b(tctx, &p1, binding1, + &ndr_table_epmapper, + samba_cmdline_get_creds(), + tctx->ev, + tctx->lp_ctx), + "failed to connect first pipe"); + + r.in.inquiry_type = RPC_C_EP_ALL_ELTS; + r.in.object = NULL; + r.in.interface_id = NULL; + r.in.vers_option = RPC_C_VERS_ALL; + + r.in.entry_handle = &handle; + r.in.max_ents = 1; + + r.out.entry_handle = &handle; + r.out.num_ents = &num_ents; + + torture_assert_ntstatus_ok(tctx, + dcerpc_epm_Lookup_r(p1->binding_handle, tctx, &r), + "failed EPM Lookup"); + torture_assert_int_equal(tctx, + r.out.result, + EPMAPPER_STATUS_OK, + "failed EPM Lookup"); + + /* Open second pipe, different association group. Handle not found */ + torture_assert_ntstatus_ok(tctx, + torture_rpc_binding(tctx, &binding2), + "failed to parse binding string"); + dcerpc_binding_set_transport(binding2, NCACN_IP_TCP); + dcerpc_binding_set_string_option(binding2, "endpoint", "135"); + + torture_assert_ntstatus_ok(tctx, + dcerpc_pipe_connect_b(tctx, &p2, binding2, + &ndr_table_epmapper, + samba_cmdline_get_creds(), + tctx->ev, + tctx->lp_ctx), + "failed to connect second pipe"); + + torture_assert_ntstatus_equal(tctx, + dcerpc_epm_Lookup_r(p2->binding_handle, tctx, &r), + NT_STATUS_RPC_SS_CONTEXT_MISMATCH, + "Unexpected EPM Lookup success"); + + /* Open second pipe, same association group. Handle is found */ + assoc_group_id = dcerpc_binding_get_assoc_group_id(p1->binding); + dcerpc_binding_set_assoc_group_id(binding2, assoc_group_id); + + TALLOC_FREE(p2); + torture_assert_ntstatus_ok(tctx, + dcerpc_pipe_connect_b(tctx, &p2, binding2, + &ndr_table_epmapper, + samba_cmdline_get_creds(), + tctx->ev, + tctx->lp_ctx), + "failed to connect second pipe"); + + torture_assert_ntstatus_ok(tctx, + dcerpc_epm_Lookup_r(p2->binding_handle, tctx, &r), + "failed EPM Lookup"); + + torture_assert_int_equal(tctx, + r.out.result, + EPMAPPER_STATUS_OK, + "failed EPM Lookup"); + + /* Cleanup */ + f.in.entry_handle = &handle; + f.out.entry_handle = &handle; + + torture_assert_ntstatus_ok(tctx, + dcerpc_epm_LookupHandleFree_r(p1->binding_handle, tctx, &f), + "failed EPM LookupHandleFree"); + + torture_assert_int_equal(tctx, + r.out.result, + EPMAPPER_STATUS_OK, + "failed EPM LookupHandleFree"); + + TALLOC_FREE(p1); + TALLOC_FREE(p2); + TALLOC_FREE(binding2); + TALLOC_FREE(binding1); + + return true; +} + +static void test_bind_op(struct torture_suite *suite, + const char *name, + uint32_t flags) +{ + uint32_t *flags_p = talloc(suite, uint32_t); + + *flags_p = flags; + + torture_suite_add_simple_tcase_const(suite, name, test_bind, flags_p); +} + + +struct torture_suite *torture_rpc_bind(TALLOC_CTX *mem_ctx) +{ + struct torture_suite *suite = torture_suite_create(mem_ctx, "bind"); + struct { + const char *test_name; + uint32_t flags; + } tests[] = { + { + .test_name = "ntlm,sign", + .flags = DCERPC_AUTH_NTLM | DCERPC_SIGN + },{ + .test_name = "ntlm,sign,seal", + .flags = DCERPC_AUTH_NTLM | DCERPC_SIGN | DCERPC_SEAL + },{ + .test_name = "spnego,sign", + .flags = DCERPC_AUTH_SPNEGO | DCERPC_SIGN + },{ + .test_name = "spnego,sign,seal", + .flags = DCERPC_AUTH_SPNEGO | DCERPC_SIGN | DCERPC_SEAL + } + }; + int i; + + for (i=0; i < ARRAY_SIZE(tests); i++) { + test_bind_op(suite, tests[i].test_name, tests[i].flags); + } + for (i=0; i < ARRAY_SIZE(tests); i++) { + test_bind_op(suite, talloc_asprintf(suite, "bigendian,%s", tests[i].test_name), tests[i].flags | DCERPC_PUSH_BIGENDIAN); + } + + torture_suite_add_simple_tcase_const(suite, + "assoc_group_handles_external", + test_assoc_group_handles_external, + NULL); + + return suite; +} |